From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Doug Goldstein <cardoe@cardoe.com>, xen-devel@lists.xen.org
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	Keir Fraser <keir@xen.org>, Jan Beulich <jbeulich@suse.com>
Subject: Re: [PATCH 2/2] xen: convert XSM_ENABLE to Kconfig
Date: Mon, 4 Jan 2016 15:01:12 -0500
Message-ID: <568ACF88.1060607@tycho.nsa.gov>
In-Reply-To: <1450819607-3763-2-git-send-email-cardoe@cardoe.com>

On 22/12/15 16:26, Doug Goldstein wrote:
> Converts the existing XSM_ENABLE flag from Config.mk to CONFIG_XSM
> within Kconfig. This also re-adds the dependency of CONFIG_FLASK on
> CONFIG_XSM.
>
> CC: Keir Fraser <keir@xen.org>
> CC: Jan Beulich <jbeulich@suse.com>
> CC: Andrew Cooper <andrew.cooper3@citrix.com>
> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>

The dependencies for LATE_HWDOM are backwards: it is an optional X86-only
feature (which probably should be off by default) that depends on XSM to
work properly.

How about this for the help text:

Allows the creation of a dedicated hardware domain distinct from
domain 0 that manages devices without needing access to other
privileged functionality such as the ability to manage domains.
This requires that the actual domain 0 be a stub domain that
constructs the actual hardware domain instead of initializing the
hardware itself.  Because the hardware domain needs access to
hypercalls not available to unprivileged guests, an XSM policy
is required to properly define the privilege of these domains.

This feature does nothing if the "hardware_dom" boot parameter is
not present.  If this feature is being used for security, it should
be combined with an IOMMU in strict mode.

If unsure, say N.
